gdfhghjdfghgfhf Posted May 5, 2008

Hello, I am trying to modify a script I downloaded. Basically it is a script to get information from a YouTube video. You enter the URL, then it gets the name of the video and the description.

Here is the function to get the description:

    function getdescription($videoid){
        // Fetch the XML details for the video (errors suppressed by @)
        $yt_xml_description_string = @file_get_contents("http://www.youtube.com/api2_rest?method=youtube.videos.get_details&dev_id=BnvzCjJ_Bzw&video_id=".$videoid);
        // Cut out the text between <description> and </description>
        $yt_xml_description_start = explode("<description>",$yt_xml_description_string,2);
        $yt_xml_description_end = explode("</description>",$yt_xml_description_start[1],2);
        // Escape quotes and backslashes
        $yt_description = addslashes($yt_xml_description_end[0]);
        return $yt_description;
    }

As you can see, the author is using addslashes (I suppose it's to prevent injections).

Well, the problem is that the description is displayed wrongly... foreign characters appear weird, and there is a slash before each single quote.

I tried using mysql_real_escape_string instead, but then the line breaks wouldn't display correctly.

How can I get a normal description, in a safe way to not get my ass hacked?

Fadion Posted May 5, 2008

I'm sure there are better ways to do this, by parsing XML data, but as I have no idea about it I won't give any suggestions. On the topic, to remove the added slashes, simply use stripslashes(). addslashes(), or the other similar but better function mysql_real_escape_string(), is used to escape characters in strings which are going to be used in a database query. If your intent is just to print the description, don't use addslashes() at all.

As for the weird characters, you have to set the correct character encoding. Place the following at the very beginning of your script:

    header('Content-Type: text/html; charset=utf-8');

gdfhghjdfghgfhf Posted May 5, 2008

If I use mysql_real_escape, then my line breaks will be messed up.

If I use stripslashes, the /n will become just "n", so it's still messed up.

If I use no protection at all, then I will be vulnerable to SQL injections?

gdfhghjdfghgfhf Posted May 5, 2008

Oh yeah, and the script adds the description to the database after echoing it.

gdfhghjdfghgfhf Posted May 6, 2008

bump

DarkWater Posted May 6, 2008

    function getdescription($videoid){
        $yt_xml_description_string = @file_get_contents("http://www.youtube.com/api2_rest?method=youtube.videos.get_details&dev_id=BnvzCjJ_Bzw&video_id=".$videoid);
        $yt_xml_description_start = explode("<description>",$yt_xml_description_string,2);
        $yt_xml_description_end = explode("</description>",$yt_xml_description_start[1],2);
        // Turn every kind of line break into an HTML <br />
        $yt_xml_description_end[0] = str_replace(array("\r\n", "\n", "\r"), "<br />", $yt_xml_description_end[0]);
        $yt_description = stripslashes($yt_xml_description_end[0]);
        return $yt_description;
    }

Made 2 changes. Should work.
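
An added example (not code from any poster in this thread) of handling the two uses discussed above separately: the description is kept raw, bound as a query parameter when it is stored, and HTML-escaped only when it is printed. It assumes PDO with the SQLite driver, a hypothetical `videos` table, and a constructed XML sample in place of the API response.

```php
<?php
header('Content-Type: text/html; charset=utf-8'); // as advised in the thread

// Constructed sample standing in for the API response (wrapper element is an assumption).
$xml = <<<XML
<?xml version="1.0" encoding="utf-8"?>
<response><description>It's a café &lt;b&gt;demo&lt;/b&gt;
second line with "double quotes"</description></response>
XML;

// Parse the XML rather than splitting on "<description>"; entities get decoded.
function get_description(string $xml): ?string {
    $doc = simplexml_load_string($xml);
    if ($doc === false) {
        return null;
    }
    $nodes = $doc->xpath('//description');
    return $nodes ? (string) $nodes[0] : null;
}

// Store the raw text through a bound parameter: no addslashes(), no stripslashes().
function store_description(PDO $db, string $videoId, string $raw): void {
    $stmt = $db->prepare('INSERT INTO videos (video_id, description) VALUES (?, ?)');
    $stmt->execute([$videoId, $raw]);
}

// Escape for HTML only at output time, then convert newlines to <br />.
function render_description(string $raw): string {
    return nl2br(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
}

// Assumption: in-memory SQLite via PDO and a hypothetical "videos" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE videos (video_id TEXT PRIMARY KEY, description TEXT)');

$raw = get_description($xml);
if ($raw === null) {
    exit("could not parse the response\n");
}
store_description($db, 'VIDEO_ID_PLACEHOLDER', $raw);

// The stored value is the parsed text unchanged: quotes and newlines intact.
$stored = $db->query('SELECT description FROM videos')->fetchColumn();
echo render_description($stored), "\n";
```

Because the quote handling happens inside the prepared statement and the HTML escaping happens at print time, the stored description needs no slashes added or stripped, and line breaks survive until `nl2br()` converts them.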